Back to index

lightning-sunbird  0.9+nobinonly
Classes | Enumerations | Functions | Variables
devutil.c File Reference
#include "devm.h"
#include "ckhelper.h"

Go to the source code of this file.

Classes

struct  nssCryptokiObjectAndAttributes
struct  nssTokenObjectCacheStr

Enumerations

enum  { cachedCerts = 0, cachedTrust = 1, cachedCRLs = 2 }

Functions

NSS_IMPLEMENT nssCryptokiObject * nssCryptokiObject_Create (NSSToken *t, nssSession *session, CK_OBJECT_HANDLE h)
NSS_IMPLEMENT void nssCryptokiObject_Destroy (nssCryptokiObject *object)
NSS_IMPLEMENT nssCryptokiObject * nssCryptokiObject_Clone (nssCryptokiObject *object)
NSS_EXTERN PRBool nssCryptokiObject_Equal (nssCryptokiObject *o1, nssCryptokiObject *o2)
NSS_IMPLEMENT PRUint32 nssPKCS11String_Length (CK_CHAR *pkcs11Str, PRUint32 bufLen)
NSS_IMPLEMENT NSSSlot ** nssSlotArray_Clone (NSSSlot **slots)
NSS_IMPLEMENT void nssSlotArray_Destroy (NSSSlot **slots)
NSS_IMPLEMENT void NSSSlotArray_Destroy (NSSSlot **slots)
NSS_IMPLEMENT void nssTokenArray_Destroy (NSSToken **tokens)
NSS_IMPLEMENT void NSSTokenArray_Destroy (NSSToken **tokens)
NSS_IMPLEMENT void nssCryptokiObjectArray_Destroy (nssCryptokiObject **objects)
NSS_IMPLEMENT nssTokenObjectCache * nssTokenObjectCache_Create (NSSToken *token, PRBool cacheCerts, PRBool cacheTrust, PRBool cacheCRLs)
static void clear_cache (nssTokenObjectCache *cache)
NSS_IMPLEMENT void nssTokenObjectCache_Clear (nssTokenObjectCache *cache)
NSS_IMPLEMENT void nssTokenObjectCache_Destroy (nssTokenObjectCache *cache)
NSS_IMPLEMENT PRBool nssTokenObjectCache_HaveObjectClass (nssTokenObjectCache *cache, CK_OBJECT_CLASS objclass)
static
nssCryptokiObjectAndAttributes ** 
create_object_array (nssCryptokiObject **objects, PRBool *doObjects, PRUint32 *numObjects, PRStatus *status)
static
nssCryptokiObjectAndAttributes
create_object (nssCryptokiObject *object, const CK_ATTRIBUTE_TYPE *types, PRUint32 numTypes, PRStatus *status)
static PRBool token_is_present (nssTokenObjectCache *cache)
static PRBool search_for_objects (nssTokenObjectCache *cache)
static
nssCryptokiObjectAndAttributes
create_cert (nssCryptokiObject *object, PRStatus *status)
static PRStatus get_token_certs_for_cache (nssTokenObjectCache *cache)
static
nssCryptokiObjectAndAttributes
create_trust (nssCryptokiObject *object, PRStatus *status)
static PRStatus get_token_trust_for_cache (nssTokenObjectCache *cache)
static
nssCryptokiObjectAndAttributes
create_crl (nssCryptokiObject *object, PRStatus *status)
static PRStatus get_token_crls_for_cache (nssTokenObjectCache *cache)
static CK_ATTRIBUTE_PTR find_attribute_in_object (nssCryptokiObjectAndAttributes *obj, CK_ATTRIBUTE_TYPE attrType)
static nssCryptokiObject ** find_objects_in_array (nssCryptokiObjectAndAttributes **objArray, CK_ATTRIBUTE_PTR ot, CK_ULONG otlen, PRUint32 maximumOpt)
NSS_IMPLEMENT nssCryptokiObject ** nssTokenObjectCache_FindObjectsByTemplate (nssTokenObjectCache *cache, CK_OBJECT_CLASS objclass, CK_ATTRIBUTE_PTR otemplate, CK_ULONG otlen, PRUint32 maximumOpt, PRStatus *statusOpt)
static PRBool cache_available_for_object_type (nssTokenObjectCache *cache, PRUint32 objectType)
NSS_IMPLEMENT PRStatus nssTokenObjectCache_GetObjectAttributes (nssTokenObjectCache *cache, NSSArena *arenaOpt, nssCryptokiObject *object, CK_OBJECT_CLASS objclass, CK_ATTRIBUTE_PTR atemplate, CK_ULONG atlen)
NSS_IMPLEMENT PRStatus nssTokenObjectCache_ImportObject (nssTokenObjectCache *cache, nssCryptokiObject *object, CK_OBJECT_CLASS objclass, CK_ATTRIBUTE_PTR ot, CK_ULONG otlen)
NSS_IMPLEMENT void nssTokenObjectCache_RemoveObject (nssTokenObjectCache *cache, nssCryptokiObject *object)
NSS_IMPLEMENT
NSSAlgorithmAndParameters * 
NSSAlgorithmAndParameters_CreateSHA1Digest (NSSArena *arenaOpt)
NSS_IMPLEMENT
NSSAlgorithmAndParameters * 
NSSAlgorithmAndParameters_CreateMD5Digest (NSSArena *arenaOpt)

Variables

enum { ... }  cachedObjectType

Class Documentation

struct nssCryptokiObjectAndAttributes

Definition at line 221 of file devutil.c.

Collaboration diagram for nssCryptokiObjectAndAttributes:
Class Members
NSSArena * arena
CK_ATTRIBUTE_PTR attributes
CK_ULONG numAttributes
nssCryptokiObject * object
struct nssTokenObjectCacheStr

Definition at line 236 of file devutil.c.

Collaboration diagram for nssTokenObjectCacheStr:
Class Members
PRBool doObjectType
PZLock * lock
PRBool loggedIn
nssCryptokiObjectAndAttributes ** objects
PRBool searchedObjectType
NSSToken * token

Enumeration Type Documentation

anonymous enum
Enumerator:
cachedCerts 
cachedTrust 
cachedCRLs 

Definition at line 230 of file devutil.c.


Function Documentation

static PRBool cache_available_for_object_type ( nssTokenObjectCache *  cache,
PRUint32  objectType 
) [static]

Definition at line 886 of file devutil.c.

{
    if (!cache->doObjectType[objectType]) {
       /* not caching this object kind */
       return PR_FALSE;
    }
    if (!cache->searchedObjectType[objectType]) {
       /* objects are not cached yet */
       return PR_FALSE;
    }
    if (!search_for_objects(cache)) {
       /* not logged in */
       return PR_FALSE;
    }
    return PR_TRUE;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static void clear_cache ( nssTokenObjectCache *  cache) [static]

Definition at line 273 of file devutil.c.

{
    nssCryptokiObjectAndAttributes **oa;
    PRUint32 objectType;
    for (objectType = cachedCerts; objectType <= cachedCRLs; objectType++) {
       cache->searchedObjectType[objectType] = PR_FALSE;
       if (!cache->objects[objectType]) {
           continue;
       }
       for (oa = cache->objects[objectType]; *oa; oa++) {
           /* prevent the token from being destroyed */
           (*oa)->object->token = NULL;
           nssCryptokiObject_Destroy((*oa)->object);
           nssArena_Destroy((*oa)->arena);
       }
       nss_ZFreeIf(cache->objects[objectType]);
       cache->objects[objectType] = NULL;
    }
}

Here is the call graph for this function:

Here is the caller graph for this function:

static nssCryptokiObjectAndAttributes* create_cert ( nssCryptokiObject *  object,
PRStatus status 
) [static]

Definition at line 495 of file devutil.c.

{
    static const CK_ATTRIBUTE_TYPE certAttr[] = {
       CKA_CLASS,
       CKA_TOKEN,
       CKA_LABEL,
       CKA_CERTIFICATE_TYPE,
       CKA_ID,
       CKA_VALUE,
       CKA_ISSUER,
       CKA_SERIAL_NUMBER,
       CKA_SUBJECT,
       CKA_NETSCAPE_EMAIL
    };
    static const PRUint32 numCertAttr = sizeof(certAttr) / sizeof(certAttr[0]);
    return create_object(object, certAttr, numCertAttr, status);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static nssCryptokiObjectAndAttributes* create_crl ( nssCryptokiObject *  object,
PRStatus status 
) [static]

Definition at line 648 of file devutil.c.

{
    static const CK_ATTRIBUTE_TYPE crlAttr[] = {
       CKA_CLASS,
       CKA_TOKEN,
       CKA_LABEL,
       CKA_VALUE,
       CKA_SUBJECT,
       CKA_NETSCAPE_KRL,
       CKA_NETSCAPE_URL
    };
    static const PRUint32 numCRLAttr = sizeof(crlAttr) / sizeof(crlAttr[0]);
    return create_object(object, crlAttr, numCRLAttr, status);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static nssCryptokiObjectAndAttributes* create_object ( nssCryptokiObject *  object,
const CK_ATTRIBUTE_TYPE types,
PRUint32  numTypes,
PRStatus status 
) [static]

Definition at line 371 of file devutil.c.

{
    PRUint32 j;
    NSSArena *arena;
    NSSSlot *slot = NULL;
    nssSession *session = NULL;
    nssCryptokiObjectAndAttributes *rvCachedObject = NULL;

    slot = nssToken_GetSlot(object->token);
    session = nssToken_GetDefaultSession(object->token);

    arena = nssArena_Create();
    if (!arena) {
       goto loser;
    }
    rvCachedObject = nss_ZNEW(arena, nssCryptokiObjectAndAttributes);
    if (!rvCachedObject) {
       goto loser;
    }
    rvCachedObject->arena = arena;
    /* The cache is tied to the token, and therefore the objects
     * in it should not hold references to the token.
     */
    nssToken_Destroy(object->token);
    rvCachedObject->object = object;
    rvCachedObject->attributes = nss_ZNEWARRAY(arena, CK_ATTRIBUTE, numTypes);
    if (!rvCachedObject->attributes) {
       goto loser;
    }
    for (j=0; j<numTypes; j++) {
       rvCachedObject->attributes[j].type = types[j];
    }
    *status = nssCKObject_GetAttributes(object->handle,
                                        rvCachedObject->attributes,
                                        numTypes,
                                        arena,
                                        session,
                                        slot);
    if (*status != PR_SUCCESS) {
       goto loser;
    }
    rvCachedObject->numAttributes = numTypes;
    *status = PR_SUCCESS;
    if (slot) {
       nssSlot_Destroy(slot);
    }
    return rvCachedObject;
loser:
    *status = PR_FAILURE;
    if (slot) {
       nssSlot_Destroy(slot);
    }
    if (arena)
       nssArena_Destroy(arena);
    return (nssCryptokiObjectAndAttributes *)NULL;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static nssCryptokiObjectAndAttributes** create_object_array ( nssCryptokiObject **  objects,
PRBool doObjects,
PRUint32 numObjects,
PRStatus status 
) [static]

Definition at line 338 of file devutil.c.

{
    nssCryptokiObjectAndAttributes **rvOandA = NULL;
    *numObjects = 0;
    /* There are no objects for this type */
    if (!objects || !*objects) {
       *status = PR_SUCCESS;
       return rvOandA;
    }
    while (*objects++) (*numObjects)++;
    if (*numObjects >= MAX_LOCAL_CACHE_OBJECTS) {
       /* Hit the maximum allowed, so don't use a cache (there are
        * too many objects to make caching worthwhile, presumably, if
        * the token can handle that many objects, it can handle searching.
        */
       *doObjects = PR_FALSE;
       *status = PR_FAILURE;
       *numObjects = 0;
    } else {
       rvOandA = nss_ZNEWARRAY(NULL, 
                               nssCryptokiObjectAndAttributes *, 
                               *numObjects + 1);
       *status = rvOandA ? PR_SUCCESS : PR_FAILURE;
    }
    return rvOandA;
}

Here is the caller graph for this function:

static nssCryptokiObjectAndAttributes* create_trust ( nssCryptokiObject *  object,
PRStatus status 
) [static]

Definition at line 571 of file devutil.c.

{
    static const CK_ATTRIBUTE_TYPE trustAttr[] = {
       CKA_CLASS,
       CKA_TOKEN,
       CKA_LABEL,
       CKA_CERT_SHA1_HASH,
       CKA_CERT_MD5_HASH,
       CKA_ISSUER,
       CKA_SUBJECT,
       CKA_TRUST_SERVER_AUTH,
       CKA_TRUST_CLIENT_AUTH,
       CKA_TRUST_EMAIL_PROTECTION,
       CKA_TRUST_CODE_SIGNING
    };
    static const PRUint32 numTrustAttr = sizeof(trustAttr) / sizeof(trustAttr[0]);
    return create_object(object, trustAttr, numTrustAttr, status);
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 721 of file devutil.c.

{
    PRUint32 j;
    for (j=0; j<obj->numAttributes; j++) {
       if (attrType == obj->attributes[j].type) {
           return &obj->attributes[j];
       }
    }
    return (CK_ATTRIBUTE_PTR)NULL;
}

Here is the caller graph for this function:

static nssCryptokiObject** find_objects_in_array ( nssCryptokiObjectAndAttributes **  objArray,
CK_ATTRIBUTE_PTR  ot,
CK_ULONG  otlen,
PRUint32  maximumOpt 
) [static]

Definition at line 737 of file devutil.c.

{
    PRIntn oi = 0;
    PRUint32 i;
    NSSArena *arena;
    PRUint32 size = 8;
    PRUint32 numMatches = 0;
    nssCryptokiObject **objects = NULL;
    nssCryptokiObjectAndAttributes **matches = NULL;
    CK_ATTRIBUTE_PTR attr;

    if (!objArray) {
       return (nssCryptokiObject **)NULL;
    }
    arena = nssArena_Create();
    if (!arena) {
       return (nssCryptokiObject **)NULL;
    }
    matches = nss_ZNEWARRAY(arena, nssCryptokiObjectAndAttributes *, size);
    if (!matches) {
       goto loser;
    }
    if (maximumOpt == 0) maximumOpt = ~0;
    /* loop over the cached objects */
    for (; *objArray && numMatches < maximumOpt; objArray++) {
       nssCryptokiObjectAndAttributes *obj = *objArray;
       /* loop over the test template */
       for (i=0; i<otlen; i++) {
           /* see if the object has the attribute */
           attr = find_attribute_in_object(obj, ot[i].type);
           if (!attr) {
              /* nope, match failed */
              break;
           }
           /* compare the attribute against the test value */
           if (ot[i].ulValueLen != attr->ulValueLen ||
               !nsslibc_memequal(ot[i].pValue, 
                                 attr->pValue,
                                 attr->ulValueLen, NULL))
           {
              /* nope, match failed */
              break;
           }
       }
       if (i == otlen) {
           /* all of the attributes in the test template were found
            * in the object's template, and they all matched
            */
           matches[numMatches++] = obj;
           if (numMatches == size) {
              size *= 2;
              matches = nss_ZREALLOCARRAY(matches, 
                                          nssCryptokiObjectAndAttributes *, 
                                          size);
              if (!matches) {
                  goto loser;
              }
           }
       }
    }
    if (numMatches > 0) {
       objects = nss_ZNEWARRAY(NULL, nssCryptokiObject *, numMatches + 1);
       if (!objects) {
           goto loser;
       }
       for (oi=0; oi<(PRIntn)numMatches; oi++) {
           objects[oi] = nssCryptokiObject_Clone(matches[oi]->object);
           if (!objects[oi]) {
              goto loser;
           }
       }
    }
    nssArena_Destroy(arena);
    return objects;
loser:
    if (objects) {
       for (--oi; oi>=0; --oi) {
           nssCryptokiObject_Destroy(objects[oi]);
       }
    }
    nssArena_Destroy(arena);
    return (nssCryptokiObject **)NULL;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static PRStatus get_token_certs_for_cache ( nssTokenObjectCache *  cache) [static]

Definition at line 517 of file devutil.c.

{
    PRStatus status;
    nssCryptokiObject **objects;
    PRBool *doIt = &cache->doObjectType[cachedCerts];
    PRUint32 i, numObjects;

    if (!search_for_objects(cache) || 
         cache->searchedObjectType[cachedCerts] || 
        !cache->doObjectType[cachedCerts]) 
    {
       /* Either there was a state change that prevents a search
        * (token logged out), or the search was already done,
        * or certs are not being cached.
        */
       return PR_SUCCESS;
    }
    objects = nssToken_FindCertificates(cache->token, NULL,
                                        nssTokenSearchType_TokenForced,
                                    MAX_LOCAL_CACHE_OBJECTS, &status);
    if (status != PR_SUCCESS) {
       return status;
    }
    cache->objects[cachedCerts] = create_object_array(objects,
                                                      doIt,
                                                      &numObjects,
                                                      &status);
    if (status != PR_SUCCESS) {
       return status;
    }
    for (i=0; i<numObjects; i++) {
       cache->objects[cachedCerts][i] = create_cert(objects[i], &status);
       if (status != PR_SUCCESS) {
           break;
       }
    }
    if (status == PR_SUCCESS) {
       nss_ZFreeIf(objects);
    } else {
       PRUint32 j;
       for (j=0; j<i; j++) {
           /* sigh */
           nssToken_AddRef(cache->objects[cachedCerts][j]->object->token);
           nssArena_Destroy(cache->objects[cachedCerts][j]->arena);
       }
       nssCryptokiObjectArray_Destroy(objects);
    }
    cache->searchedObjectType[cachedCerts] = PR_TRUE;
    return status;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static PRStatus get_token_crls_for_cache ( nssTokenObjectCache *  cache) [static]

Definition at line 667 of file devutil.c.

{
    PRStatus status;
    nssCryptokiObject **objects;
    PRBool *doIt = &cache->doObjectType[cachedCRLs];
    PRUint32 i, numObjects;

    if (!search_for_objects(cache) || 
         cache->searchedObjectType[cachedCRLs] || 
        !cache->doObjectType[cachedCRLs]) 
    {
       /* Either there was a state change that prevents a search
        * (token logged out), or the search was already done,
        * or CRLs are not being cached.
        */
       return PR_SUCCESS;
    }
    objects = nssToken_FindCRLs(cache->token, NULL,
                                nssTokenSearchType_TokenForced,
                            MAX_LOCAL_CACHE_OBJECTS, &status);
    if (status != PR_SUCCESS) {
       return status;
    }
    cache->objects[cachedCRLs] = create_object_array(objects,
                                                     doIt,
                                                     &numObjects,
                                                     &status);
    if (status != PR_SUCCESS) {
       return status;
    }
    for (i=0; i<numObjects; i++) {
       cache->objects[cachedCRLs][i] = create_crl(objects[i], &status);
       if (status != PR_SUCCESS) {
           break;
       }
    }
    if (status == PR_SUCCESS) {
       nss_ZFreeIf(objects);
    } else {
       PRUint32 j;
       for (j=0; j<i; j++) {
           /* sigh */
           nssToken_AddRef(cache->objects[cachedCRLs][j]->object->token);
           nssArena_Destroy(cache->objects[cachedCRLs][j]->arena);
       }
       nssCryptokiObjectArray_Destroy(objects);
    }
    cache->searchedObjectType[cachedCRLs] = PR_TRUE;
    return status;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static PRStatus get_token_trust_for_cache ( nssTokenObjectCache *  cache) [static]

Definition at line 594 of file devutil.c.

{
    PRStatus status;
    nssCryptokiObject **objects;
    PRBool *doIt = &cache->doObjectType[cachedTrust];
    PRUint32 i, numObjects;

    if (!search_for_objects(cache) || 
         cache->searchedObjectType[cachedTrust] || 
        !cache->doObjectType[cachedTrust]) 
    {
       /* Either there was a state change that prevents a search
        * (token logged out), or the search was already done,
        * or trust is not being cached.
        */
       return PR_SUCCESS;
    }
    objects = nssToken_FindTrustObjects(cache->token, NULL,
                                        nssTokenSearchType_TokenForced,
                                    MAX_LOCAL_CACHE_OBJECTS, &status);
    if (status != PR_SUCCESS) {
       return status;
    }
    cache->objects[cachedTrust] = create_object_array(objects,
                                                      doIt,
                                                      &numObjects,
                                                      &status);
    if (status != PR_SUCCESS) {
       return status;
    }
    for (i=0; i<numObjects; i++) {
       cache->objects[cachedTrust][i] = create_trust(objects[i], &status);
       if (status != PR_SUCCESS) {
           break;
       }
    }
    if (status == PR_SUCCESS) {
       nss_ZFreeIf(objects);
    } else {
       PRUint32 j;
       for (j=0; j<i; j++) {
           /* sigh */
           nssToken_AddRef(cache->objects[cachedTrust][j]->object->token);
           nssArena_Destroy(cache->objects[cachedTrust][j]->arena);
       }
       nssCryptokiObjectArray_Destroy(objects);
    }
    cache->searchedObjectType[cachedTrust] = PR_TRUE;
    return status;
}

Here is the call graph for this function:

Here is the caller graph for this function:

NSS_IMPLEMENT NSSAlgorithmAndParameters* NSSAlgorithmAndParameters_CreateMD5Digest ( NSSArena *  arenaOpt)

Definition at line 1133 of file devutil.c.

{
    NSSAlgorithmAndParameters *rvAP = NULL;
    rvAP = nss_ZNEW(arenaOpt, NSSAlgorithmAndParameters);
    if (rvAP) {
       rvAP->mechanism.mechanism = CKM_MD5;
       rvAP->mechanism.pParameter = NULL;
       rvAP->mechanism.ulParameterLen = 0;
    }
    return rvAP;
}

Here is the caller graph for this function:

NSS_IMPLEMENT NSSAlgorithmAndParameters* NSSAlgorithmAndParameters_CreateSHA1Digest ( NSSArena *  arenaOpt)

Definition at line 1118 of file devutil.c.

{
    NSSAlgorithmAndParameters *rvAP = NULL;
    rvAP = nss_ZNEW(arenaOpt, NSSAlgorithmAndParameters);
    if (rvAP) {
       rvAP->mechanism.mechanism = CKM_SHA_1;
       rvAP->mechanism.pParameter = NULL;
       rvAP->mechanism.ulParameterLen = 0;
    }
    return rvAP;
}

Here is the caller graph for this function:

NSS_IMPLEMENT nssCryptokiObject* nssCryptokiObject_Clone ( nssCryptokiObject *  object)

Definition at line 98 of file devutil.c.

{
    nssCryptokiObject *rvObject;
    rvObject = nss_ZNEW(NULL, nssCryptokiObject);
    if (rvObject) {
       rvObject->handle = object->handle;
       rvObject->token = nssToken_AddRef(object->token);
       rvObject->isTokenObject = object->isTokenObject;
       if (object->label) {
           rvObject->label = nssUTF8_Duplicate(object->label, NULL);
       }
    }
    return rvObject;
}
NSS_IMPLEMENT nssCryptokiObject* nssCryptokiObject_Create ( NSSToken *  t,
nssSession *  session,
CK_OBJECT_HANDLE  h 
)

Definition at line 50 of file devutil.c.

{
    PRStatus status;
    NSSSlot *slot;
    nssCryptokiObject *object;
    CK_BBOOL *isTokenObject;
    CK_ATTRIBUTE cert_template[] = {
       { CKA_TOKEN, NULL, 0 },
       { CKA_LABEL, NULL, 0 }
    };
    slot = nssToken_GetSlot(t);
    status = nssCKObject_GetAttributes(h, cert_template, 2,
                                       NULL, session, slot);
    nssSlot_Destroy(slot);
    if (status != PR_SUCCESS) {
       /* a failure here indicates a device error */
       return (nssCryptokiObject *)NULL;
    }
    object = nss_ZNEW(NULL, nssCryptokiObject);
    if (!object) {
       return (nssCryptokiObject *)NULL;
    }
    object->handle = h;
    object->token = nssToken_AddRef(t);
    isTokenObject = (CK_BBOOL *)cert_template[0].pValue;
    object->isTokenObject = *isTokenObject;
    nss_ZFreeIf(isTokenObject);
    NSS_CK_ATTRIBUTE_TO_UTF8(&cert_template[1], object->label);
    return object;
}
NSS_IMPLEMENT void nssCryptokiObject_Destroy ( nssCryptokiObject *  object)

Definition at line 86 of file devutil.c.

{
    if (object) {
       nssToken_Destroy(object->token);
       nss_ZFreeIf(object->label);
       nss_ZFreeIf(object);
    }
}
NSS_EXTERN PRBool nssCryptokiObject_Equal ( nssCryptokiObject *  o1,
nssCryptokiObject *  o2 
)

Definition at line 116 of file devutil.c.

{
    return (o1->token == o2->token && o1->handle == o2->handle);
}
NSS_IMPLEMENT void nssCryptokiObjectArray_Destroy ( nssCryptokiObject **  objects)

Definition at line 206 of file devutil.c.

{
    if (objects) {
       nssCryptokiObject **op;
       for (op = objects; *op; op++) {
           nssCryptokiObject_Destroy(*op);
       }
       nss_ZFreeIf(objects);
    }
}

Definition at line 125 of file devutil.c.

{
    PRInt32 i;
    for (i = bufLen - 1; i>=0; ) {
       if (pkcs11Str[i] != ' ' && pkcs11Str[i] != '\0') break;
       --i;
    }
    return (PRUint32)(i + 1);
}
NSS_IMPLEMENT NSSSlot** nssSlotArray_Clone ( NSSSlot **  slots)

Definition at line 140 of file devutil.c.

{
    NSSSlot **rvSlots = NULL;
    NSSSlot **sp = slots;
    PRUint32 count = 0;
    while (sp && *sp) count++;
    if (count > 0) {
       rvSlots = nss_ZNEWARRAY(NULL, NSSSlot *, count + 1);
       if (rvSlots) {
           sp = slots;
           count = 0;
           for (sp = slots; *sp; sp++) {
              rvSlots[count++] = nssSlot_AddRef(*sp);
           }
       }
    }
    return rvSlots;
}

Here is the call graph for this function:

NSS_IMPLEMENT void nssSlotArray_Destroy ( NSSSlot **  slots)

Definition at line 162 of file devutil.c.

{
    if (slots) {
       NSSSlot **slotp;
       for (slotp = slots; *slotp; slotp++) {
           nssSlot_Destroy(*slotp);
       }
       nss_ZFreeIf(slots);
    }
}
NSS_IMPLEMENT void NSSSlotArray_Destroy ( NSSSlot **  slots)

Definition at line 176 of file devutil.c.

Here is the call graph for this function:

NSS_IMPLEMENT void nssTokenArray_Destroy ( NSSToken **  tokens)

Definition at line 184 of file devutil.c.

{
    if (tokens) {
       NSSToken **tokenp;
       for (tokenp = tokens; *tokenp; tokenp++) {
           nssToken_Destroy(*tokenp);
       }
       nss_ZFreeIf(tokens);
    }
}
NSS_IMPLEMENT void NSSTokenArray_Destroy ( NSSToken **  tokens)

Definition at line 198 of file devutil.c.

{
    nssTokenArray_Destroy(tokens);
}

Here is the call graph for this function:

NSS_IMPLEMENT void nssTokenObjectCache_Clear ( nssTokenObjectCache *  cache)

Definition at line 296 of file devutil.c.

{
    if (cache) {
       PZ_Lock(cache->lock);
       clear_cache(cache);
       PZ_Unlock(cache->lock);
    }
}
NSS_IMPLEMENT nssTokenObjectCache* nssTokenObjectCache_Create ( NSSToken *  token,
PRBool  cacheCerts,
PRBool  cacheTrust,
PRBool  cacheCRLs 
)

Definition at line 247 of file devutil.c.

{
    nssTokenObjectCache *rvCache;
    rvCache = nss_ZNEW(NULL, nssTokenObjectCache);
    if (!rvCache) {
       goto loser;
    }
    rvCache->lock = PZ_NewLock(nssILockOther); /* XXX */
    if (!rvCache->lock) {
       goto loser;
    }
    rvCache->doObjectType[cachedCerts] = cacheCerts;
    rvCache->doObjectType[cachedTrust] = cacheTrust;
    rvCache->doObjectType[cachedCRLs] = cacheCRLs;
    rvCache->token = token; /* cache goes away with token */
    return rvCache;
loser:
    return (nssTokenObjectCache *)NULL;
}
NSS_IMPLEMENT void nssTokenObjectCache_Destroy ( nssTokenObjectCache *  cache)

Definition at line 308 of file devutil.c.

NSS_IMPLEMENT nssCryptokiObject** nssTokenObjectCache_FindObjectsByTemplate ( nssTokenObjectCache *  cache,
CK_OBJECT_CLASS  objclass,
CK_ATTRIBUTE_PTR  otemplate,
CK_ULONG  otlen,
PRUint32  maximumOpt,
PRStatus statusOpt 
)

Definition at line 827 of file devutil.c.

{
    PRStatus status = PR_FAILURE;
    nssCryptokiObject **rvObjects = NULL;
    if (!token_is_present(cache)) {
       status = PR_SUCCESS;
       goto finish;
    }
    PZ_Lock(cache->lock);
    switch (objclass) {
    case CKO_CERTIFICATE:
       if (cache->doObjectType[cachedCerts]) {
           status = get_token_certs_for_cache(cache);
           if (status != PR_SUCCESS) {
              goto unlock;
           }
           rvObjects = find_objects_in_array(cache->objects[cachedCerts], 
                                             otemplate, otlen, maximumOpt);
       }
       break;
    case CKO_NETSCAPE_TRUST:
       if (cache->doObjectType[cachedTrust]) {
           status = get_token_trust_for_cache(cache);
           if (status != PR_SUCCESS) {
              goto unlock;
           }
           rvObjects = find_objects_in_array(cache->objects[cachedTrust], 
                                             otemplate, otlen, maximumOpt);
       }
       break;
    case CKO_NETSCAPE_CRL:
       if (cache->doObjectType[cachedCRLs]) {
           status = get_token_crls_for_cache(cache);
           if (status != PR_SUCCESS) {
              goto unlock;
           }
           rvObjects = find_objects_in_array(cache->objects[cachedCRLs], 
                                             otemplate, otlen, maximumOpt);
       }
       break;
    default: break;
    }
unlock:
    PZ_Unlock(cache->lock);
finish:
    if (statusOpt) {
       *statusOpt = status;
    }
    return rvObjects;
}
NSS_IMPLEMENT PRStatus nssTokenObjectCache_GetObjectAttributes ( nssTokenObjectCache *  cache,
NSSArena *  arenaOpt,
nssCryptokiObject *  object,
CK_OBJECT_CLASS  objclass,
CK_ATTRIBUTE_PTR  atemplate,
CK_ULONG  atlen 
)

Definition at line 907 of file devutil.c.

{
    PRUint32 i, j;
    NSSArena *arena = NULL;
    nssArenaMark *mark = NULL;
    nssCryptokiObjectAndAttributes *cachedOA = NULL;
    nssCryptokiObjectAndAttributes **oa = NULL;
    PRUint32 objectType;
    if (!token_is_present(cache)) {
       return PR_FAILURE;
    }
    PZ_Lock(cache->lock);
    switch (objclass) {
    case CKO_CERTIFICATE:    objectType = cachedCerts; break;
    case CKO_NETSCAPE_TRUST: objectType = cachedTrust; break;
    case CKO_NETSCAPE_CRL:   objectType = cachedCRLs;  break;
    default: goto loser;
    }
    if (!cache_available_for_object_type(cache, objectType)) {
       goto loser;
    }
    oa = cache->objects[objectType];
    if (!oa) {
       goto loser;
    }
    for (; *oa; oa++) {
       if (nssCryptokiObject_Equal((*oa)->object, object)) {
           cachedOA = *oa;
           break;
       }
    }
    if (!cachedOA) {
       goto loser; /* don't have this object */
    }
    if (arenaOpt) {
       arena = arenaOpt;
       mark = nssArena_Mark(arena);
    }
    for (i=0; i<atlen; i++) {
       for (j=0; j<cachedOA->numAttributes; j++) {
           if (atemplate[i].type == cachedOA->attributes[j].type) {
              CK_ATTRIBUTE_PTR attr = &cachedOA->attributes[j];
              if (cachedOA->attributes[j].ulValueLen == 0 ||
                  cachedOA->attributes[j].ulValueLen == (CK_ULONG)-1) 
              {
                  break; /* invalid attribute */
              }
              if (atemplate[i].ulValueLen > 0) {
                  if (atemplate[i].pValue == NULL ||
                      atemplate[i].ulValueLen < attr->ulValueLen) 
                  {
                     goto loser;
                  }
              } else {
                  atemplate[i].pValue = nss_ZAlloc(arena, attr->ulValueLen);
                  if (!atemplate[i].pValue) {
                     goto loser;
                  }
              }
              nsslibc_memcpy(atemplate[i].pValue,
                             attr->pValue, attr->ulValueLen);
              atemplate[i].ulValueLen = attr->ulValueLen;
              break;
           }
       }
       if (j == cachedOA->numAttributes) {
           atemplate[i].ulValueLen = (CK_ULONG)-1;
       }
    }
    PZ_Unlock(cache->lock);
    if (mark) {
       nssArena_Unmark(arena, mark);
    }
    return PR_SUCCESS;
loser:
    PZ_Unlock(cache->lock);
    if (mark) {
       nssArena_Release(arena, mark);
    }
    return PR_FAILURE;
}
NSS_IMPLEMENT PRBool nssTokenObjectCache_HaveObjectClass ( nssTokenObjectCache *  cache,
CK_OBJECT_CLASS  objclass 
)

Definition at line 320 of file devutil.c.

{
    PRBool haveIt;
    PZ_Lock(cache->lock);
    switch (objclass) {
    case CKO_CERTIFICATE:    haveIt = cache->doObjectType[cachedCerts]; break;
    case CKO_NETSCAPE_TRUST: haveIt = cache->doObjectType[cachedTrust]; break;
    case CKO_NETSCAPE_CRL:   haveIt = cache->doObjectType[cachedCRLs];  break;
    default:                 haveIt = PR_FALSE;
    }
    PZ_Unlock(cache->lock);
    return haveIt;
}
NSS_IMPLEMENT PRStatus nssTokenObjectCache_ImportObject ( nssTokenObjectCache *  cache,
nssCryptokiObject *  object,
CK_OBJECT_CLASS  objclass,
CK_ATTRIBUTE_PTR  ot,
CK_ULONG  otlen 
)

Definition at line 997 of file devutil.c.

{
    PRStatus status = PR_SUCCESS;
    PRUint32 count;
    nssCryptokiObjectAndAttributes **oa, ***otype;
    PRUint32 objectType;
    PRBool haveIt = PR_FALSE;

    if (!token_is_present(cache)) {
       return PR_SUCCESS; /* cache not active, ignored */
    }
    PZ_Lock(cache->lock);
    switch (objclass) {
    case CKO_CERTIFICATE:    objectType = cachedCerts; break;
    case CKO_NETSCAPE_TRUST: objectType = cachedTrust; break;
    case CKO_NETSCAPE_CRL:   objectType = cachedCRLs;  break;
    default:
       PZ_Unlock(cache->lock);
       return PR_SUCCESS; /* don't need to import it here */
    }
    if (!cache_available_for_object_type(cache, objectType)) {
       PZ_Unlock(cache->lock);
       return PR_SUCCESS; /* cache not active, ignored */
    }
    count = 0;
    otype = &cache->objects[objectType]; /* index into array of types */
    oa = *otype; /* the array of objects for this type */
    while (oa && *oa) {
       if (nssCryptokiObject_Equal((*oa)->object, object)) {
           haveIt = PR_TRUE;
           break;
       }
       count++;
       oa++;
    }
    if (haveIt) {
       /* Destroy the old entry */
       (*oa)->object->token = NULL;
       nssCryptokiObject_Destroy((*oa)->object);
       nssArena_Destroy((*oa)->arena);
    } else {
       /* Create space for a new entry */
       if (count > 0) {
           *otype = nss_ZREALLOCARRAY(*otype,
                                      nssCryptokiObjectAndAttributes *, 
                                      count + 2);
       } else {
           *otype = nss_ZNEWARRAY(NULL, nssCryptokiObjectAndAttributes *, 2);
       }
    }
    if (*otype) {
       nssCryptokiObject *copyObject = nssCryptokiObject_Clone(object);
       if (objectType == cachedCerts) {
           (*otype)[count] = create_cert(copyObject, &status);
       } else if (objectType == cachedTrust) {
           (*otype)[count] = create_trust(copyObject, &status);
       } else if (objectType == cachedCRLs) {
           (*otype)[count] = create_crl(copyObject, &status);
       }
    } else {
       status = PR_FAILURE;
    }
    PZ_Unlock(cache->lock);
    return status;
}
NSS_IMPLEMENT void nssTokenObjectCache_RemoveObject ( nssTokenObjectCache *  cache,
nssCryptokiObject *  object 
)

Definition at line 1070 of file devutil.c.

{
    PRUint32 oType;
    nssCryptokiObjectAndAttributes **oa, **swp = NULL;
    if (!token_is_present(cache)) {
       return;
    }
    PZ_Lock(cache->lock);
    for (oType=0; oType<3; oType++) {
       if (!cache_available_for_object_type(cache, oType) ||
           !cache->objects[oType])
       {
           continue;
       }
       for (oa = cache->objects[oType]; *oa; oa++) {
           if (nssCryptokiObject_Equal((*oa)->object, object)) {
              swp = oa; /* the entry to remove */
              while (oa[1]) oa++; /* go to the tail */
              (*swp)->object->token = NULL;
              nssCryptokiObject_Destroy((*swp)->object);
              nssArena_Destroy((*swp)->arena); /* destroy it */
              *swp = *oa; /* swap the last with the removed */
              *oa = NULL; /* null-terminate the array */
              break;
           }
       }
       if (swp) {
           break;
       }
    }
    if ((oType <3) &&
              cache->objects[oType] && cache->objects[oType][0] == NULL) {
       nss_ZFreeIf(cache->objects[oType]); /* no entries remaining */
       cache->objects[oType] = NULL;
    }
    PZ_Unlock(cache->lock);
}
static PRBool search_for_objects ( nssTokenObjectCache *  cache) [static]

Definition at line 467 of file devutil.c.

{
    PRBool doSearch = PR_FALSE;
    NSSSlot *slot = nssToken_GetSlot(cache->token);
    /* Handle non-friendly slots (slots which require login for objects) */
    if (!nssSlot_IsFriendly(slot)) {
       if (nssSlot_IsLoggedIn(slot)) {
           /* Either no state change, or went from !logged in -> logged in */
           cache->loggedIn = PR_TRUE;
           doSearch = PR_TRUE;
       } else {
           if (cache->loggedIn) {
              /* went from logged in -> !logged in, destroy cached objects */
              clear_cache(cache);
              cache->loggedIn = PR_FALSE;
           } /* else no state change, still not logged in, so exit */
       }
    } else {
       /* slot is friendly, thus always available for search */
       doSearch = PR_TRUE;
    }
    nssSlot_Destroy(slot);
    return doSearch;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static PRBool token_is_present ( nssTokenObjectCache *  cache) [static]

Definition at line 456 of file devutil.c.

{
    NSSSlot *slot = nssToken_GetSlot(cache->token);
    PRBool tokenPresent = nssSlot_IsTokenPresent(slot);
    nssSlot_Destroy(slot);
    return tokenPresent;
}

Here is the call graph for this function:

Here is the caller graph for this function:


Variable Documentation

enum { ... } cachedObjectType